A buffer over-read issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the contents of that out-of-bounds memory. StringIO 3.0.3 is the main fixed version; however, for Ruby 3.0 users the fixed version is stringio 3.0.1.1, and for Ruby 3.1 users the fixed version is stringio 3.0.1.2.
| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | ruby2.5 | <= 2.5.5-3+deb10u4 | ruby2.5_2.5.5-3+deb10u4_all.deb |
| Debian | 11 | all | ruby2.7 | <= 2.7.4-1+deb11u1 | ruby2.7_2.7.4-1+deb11u1_all.deb |
| Debian | 12 | all | ruby3.1 | < 3.1.2-7+deb12u1 | ruby3.1_3.1.2-7+deb12u1_all.deb |
| Debian | 999 | all | ruby3.1 | <= 3.1.2-8.3 | ruby3.1_3.1.2-8.3_all.deb |
| Debian | 13 | all | ruby3.1 | <= 3.1.2-8.3 | ruby3.1_3.1.2-8.3_all.deb |
| Debian | 999 | all | ruby3.2 | < 3.2.3-1 | ruby3.2_3.2.3-1_all.deb |